CN111316269A - Terminal security protection method and device - Google Patents

Terminal security protection method and device Download PDF

Info

Publication number
CN111316269A
CN111316269A CN201780096669.7A CN201780096669A CN111316269A CN 111316269 A CN111316269 A CN 111316269A CN 201780096669 A CN201780096669 A CN 201780096669A CN 111316269 A CN111316269 A CN 111316269A
Authority
CN
China
Prior art keywords
terminal
security
mode
safety
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201780096669.7A
Other languages
Chinese (zh)
Inventor
涂永峰
龙水平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of CN111316269A publication Critical patent/CN111316269A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephone Function (AREA)

Abstract

The application relates to the field of terminals, in particular to a security protection method of a terminal. In the terminal security protection method, security mode information is configured according to risks to be paid attention to by a terminal, and a security mode of the terminal is established according to the configured security mode information. The terminal safety protection method comprises a safety shutdown method, namely setting safety shutdown time, wherein the terminal does not accept startup operation within the safety shutdown time. By the scheme provided by the application, the safety under the condition that the terminal is separated from the control of the user can be effectively ensured.

Description

Terminal security protection method and device Technical Field
The present application relates to the field of communications, and in particular, to a method and an apparatus for security protection of a terminal.
Background
With the development of information technology, intelligent terminals represented by mobile phones are emerging, and great convenience is provided for life of people. Currently, a terminal can store various information of a user, such as contact information, financial information, work data, personal privacy and the like. However, in daily life and work, there are often situations where the terminal is left from the user's control (e.g., lost, left during swimming or bathing), and in such situations, the terminal may face a variety of risks (e.g., the lock screen password is broken, the message is eavesdropped, etc.).
At present, in order to prevent the terminal from being threatened by the risk, when the terminal is lost, the information of the terminal can be remotely destroyed. More complex security information can be set for the terminal and matched with the fingerprint password, so that the security of the terminal is improved. But a large loss of information may result from this. Meanwhile, the risk of the terminal being cracked cannot be completely eliminated.
Disclosure of Invention
The embodiment of the invention provides a security protection method and device for a terminal, which can improve the security performance of the terminal when the terminal is separated from the control of a user and reduce the risk of information loss of the terminal by enabling the terminal to enter a security mode.
In a first aspect, an embodiment of the present invention provides a method for protecting security of a terminal, where the method is used to protect information security of the terminal, and includes the following steps:
the method comprises the steps that a terminal detects a first operation of a user, wherein the first operation is used for enabling the terminal to enter a safe mode; the security mode includes at least one of the following options: the terminal enters a screen locking state, the screen cannot be unlocked in a first time period, and the terminal cannot be powered off or restarted; the terminal does not allow the start of the flight mode; and the terminal is powered off, and the power-on operation is not allowed in a second time period. Therefore, the terminal can effectively ensure the safety of the terminal under the condition of being separated from the control of the user in the safety mode, and the safety risk is greatly reduced.
In one possible implementation, the method further includes: and when the time for the terminal to enter the screen locking state is more than or equal to a first threshold value, the terminal automatically enters the safety mode.
In another possible implementation manner, the method further includes: verifying first safety information before the terminal enters the safety mode; the first security information includes at least one of the following options: numbers, graphical passwords, and biometrics.
In another possible implementation manner, the method further includes: the first operation comprises at least one of the following options: voice, specific gesture, selection of touch key, and operation of physical key.
In another possible implementation manner, the method further includes: in the secure mode, at least one of a software function or a hardware function of the terminal is disabled. The implementation mode can better improve the safety of the terminal equipment and is convenient for the user to set in a personalized way.
In another possible implementation manner, the method further includes: the terminal equipment can automatically set the safety risk concerned by the user according to the user requirement to protect, and the terminal safety can be pertinently enhanced through the mode, so that the efficiency is improved, and the user can conveniently set the safety risk in an individualized way.
In another possible implementation manner, the method further includes: and the terminal detects a second operation and exits the safety mode.
In another possible implementation manner, the method further includes: before exiting the security mode, the terminal verifies second security information, wherein the second security information is different from the first security information; the second security information includes at least one of the following options: numbers, graphical passwords, and biometrics. The second security information has higher operation authority than the first security information, and the second security information needs to be verified when the terminal is powered on in the second time period.
In another possible implementation manner, the method further includes: and the terminal needs to verify second safety information if the operation forbidden in the safety mode is executed in the first time period or the second time period.
In another possible implementation manner, the method further includes: and if the second safety information is not set by the terminal, the operation of the terminal in a safety mode is forbidden.
In another possible implementation manner, the method further includes: before entering the security mode, the terminal verifies the first security information, otherwise, the terminal cannot enter the security mode.
In another possible implementation manner, the method further includes: the terminal can preset a time point, and when the preset time point is reached, the terminal automatically enters a safety mode, so that the safety of the terminal equipment can be improved.
In another possible implementation manner, the method further includes: the terminal is provided with an intelligent mode, and the terminal can enter a safe mode according to the state of the intelligent mode, so that the flexibility of the safety protection of the terminal can be improved.
In another possible implementation manner, the method further includes: the terminal records the safety log in the safety mode, so that a user can conveniently inquire any event in the safety mode, and the safety is improved.
In another possible implementation manner, the method further includes: when the terminal detects the abnormality, the terminal sends information to the matched terminal, so that the user can process the information in time and the loss is reduced.
In a second aspect, an embodiment of the present invention provides a terminal, including: the terminal comprises a detection module, a processing module and a processing module, wherein the detection module is used for detecting a first operation of a user, and the first operation is used for enabling the terminal to enter a safe mode; the security mode includes at least one of the following options: the terminal enters a screen locking state, the screen cannot be unlocked in a first time period, and the terminal cannot be powered off or restarted; the terminal does not allow the start of the flight mode; and the terminal is powered off, and the power-on operation is not allowed in a second time period.
In a possible implementation manner, the terminal further includes: the verification module is used for verifying the first safety information; the first security information includes at least one of the following options: numbers, graphical passwords, and biometrics.
In another possible implementation manner, the terminal further includes: a disabling module for disabling at least one of a software function or a hardware function of the terminal.
In a third aspect, an embodiment of the present invention provides a terminal, including: one or more processors; one or more memories in which one or more computer programs are stored, the one or more computer programs comprising instructions which, when executed by the one or more processors, cause the terminal to perform any of the methods of the first aspect described above.
In a fourth aspect, an embodiment of the present invention provides a computer program product including instructions, which, when run on an electronic device, causes the electronic device to perform the method according to the first aspect.
In a fifth aspect, an embodiment of the present invention provides a computer-readable storage medium, which includes instructions that, when executed on an electronic device, cause the electronic device to perform the method according to the first aspect.
In a sixth aspect, an embodiment of the present invention further provides a data processing system, which includes modules for executing the methods provided in the first aspect.
Compared with the prior art, the scheme provided by the invention has better safety performance, more applicable scenes and high personalized degree. For example, a user can set security risks needing attention and software and hardware functions needing limitation in an operating system in a self-defined mode according to own requirements. When a user leaves the terminal, the safe power-off time can be set, and the terminal cannot be powered on within a period of time after the user leaves. Meanwhile, the user can also set a safe shutdown password, and the terminal can be normally started only after the safe shutdown password is successfully verified in a safe shutdown state or after the safe shutdown password is successfully verified.
These and other aspects of the invention will be apparent from and elucidated with reference to the embodiment(s) described hereinafter.
Drawings
Fig. 1 is a partial block diagram of a terminal according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for a terminal to enter a security mode according to an embodiment of the present invention;
fig. 3(a) is a flowchart of a method for activating a security mode by a terminal according to an embodiment of the present invention;
FIG. 3(b) is a schematic diagram of a special gesture activated security mode according to an embodiment of the present invention;
fig. 3(c) is a schematic screen locking diagram of the terminal in the secure mode according to the embodiment of the present invention;
fig. 4 is a flowchart of a method for a terminal to self-activate a security mode according to an embodiment of the present invention;
fig. 5 is a flowchart of a method for detecting an anomaly by a terminal according to an embodiment of the present invention;
fig. 6(a) is a flowchart of a method for turning off a terminal in a secure mode according to an embodiment of the present invention;
FIG. 6(b) is a schematic diagram of a shutdown interface in a secure mode according to an embodiment of the present invention;
FIG. 7 is a flowchart illustrating a method for determining whether a user configures second security information according to an embodiment of the present invention;
fig. 8 is a flowchart illustrating a method for verifying second security information when the terminal is powered off in the security mode according to an embodiment of the present invention;
fig. 9 is a flowchart illustrating a method for setting a second time period according to an embodiment of the present invention;
FIG. 10 is a flow chart illustrating a method for starting up a computer during a second time period according to an embodiment of the present invention;
fig. 11 shows a block diagram of a terminal according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described below with reference to the accompanying drawings.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the examples of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. The character "/" herein generally indicates that the former and latter associated objects are in an "or" relationship.
It should be understood that although the terms first, second, third, etc. may be used to describe various messages, requests, and terminals in embodiments of the present invention, these messages, requests, and terminals should not be limited by these terms. These terms are only used to distinguish messages, requests and terminals from one another. For example, a first terminal may also be referred to as a second terminal, and similarly, a second terminal may also be referred to as a first terminal, without departing from the scope of embodiments of the present invention.
The safety protection method provided by the embodiment of the invention is used for protecting the information safety of the terminal. The terminal may be, for example: a Mobile phone, a tablet computer, a laptop computer, a digital camera, a Personal Digital Assistant (PDA), a navigation Device, a Mobile Internet Device (MID) or a wearable Device, etc.
Fig. 1 is a block diagram of a partial structure of a terminal according to an embodiment of the present invention. The terminal is described by taking a mobile phone 100 as an example, and referring to fig. 1, the mobile phone 100 includes: radio Frequency (RF) circuit 110, power supply 120, processor 130, memory 140, input unit 150, display unit 160, sensor 170, audio circuit 180, and wireless fidelity (Wi-Fi) module 190. Those skilled in the art will appreciate that the handset configuration shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The following describes the components of the mobile phone 100 in detail with reference to fig. 1:
the RF circuit 110 may be used for transmitting and receiving information or for receiving and transmitting signals during a call. For example: RF circuitry 110 may send downlink data received from the base station to processor 130 for processing and may send uplink data to the base station. In general, RF circuits include, but are not limited to, an RF chip, an antenna, at least one Amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, a radio frequency switch, and the like. In addition, the RF circuitry 110 may also communicate wirelessly with networks and other devices. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), email, Short Messaging Service (SMS), and the like.
The memory 140 may be used to store software programs and modules, and the processor 130 executes various functional applications and data processing of the mobile phone 100 by operating the software programs and modules stored in the memory 140. The memory 140 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone 100, and the like. Further, the memory 140 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. The memory 140 may also store a knowledge base, a tag base, and an algorithm base.
The input unit 150 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the cellular phone 100. Specifically, the input unit 150 may include a touch panel 151 and other input devices 152. The touch panel 151, also referred to as a touch screen, may collect a touch operation performed by a user on or near the touch panel 151 (e.g., an operation performed by the user on or near the touch panel 151 using any suitable object or accessory such as a finger or a stylus), and drive a corresponding connection device according to a preset program. Alternatively, the touch panel 151 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 130, and can receive and execute commands sent by the processor 130. In addition, the touch panel 151 may be implemented in various types, such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The input unit 150 may include other input devices 152 in addition to the touch panel 151. In particular, other input devices 152 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 160 may be used to display information input by or provided to the user and various menus of the cellular phone 100. The display unit 160 may include a display panel 161, and optionally, the display panel 161 may be configured in the form of a Liquid Crystal Display (LCD), an electromechanical laser display (OLED), or the like. Further, the touch panel 151 may cover the display panel 161, and when the touch panel 151 detects a touch operation thereon or nearby, the touch panel transmits the touch operation to the processor 130 to determine the type of the touch event, and then the processor 130 provides a corresponding visual output on the display panel 161 according to the type of the touch event. Although the touch panel 151 and the display panel 161 are shown in fig. 1 as two separate components to implement the input and output functions of the mobile phone 100, in some embodiments, the touch panel 151 and the display panel 161 may be integrated to implement the input and output functions of the mobile phone 100.
The handset 100 may also include at least one sensor 170, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that adjusts the brightness of the display panel 161 according to the brightness of ambient light, and a proximity sensor that turns off the display panel 161 and/or the backlight when the mobile phone 100 is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the posture of the mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer, tapping), and the like. The mobile phone 100 may also be configured with other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which are not described herein again.
The audio circuitry 180, speaker 181, microphone 182 may provide an audio interface between a user and the handset 100. The audio circuit 180 may transmit the electrical signal converted from the received audio data to the speaker 181, and the electrical signal is converted into a sound signal by the speaker 181 and output; on the other hand, the microphone 182 converts the collected sound signals into electrical signals, which are received by the audio circuit 180 and converted into audio data, which are then output to the RF circuit 110 for transmission to, for example, another cell phone, or to the memory 140 for further processing.
Wi-Fi belongs to a short-distance wireless transmission technology, and the mobile phone 100 can help a user to receive and send emails, browse webpages, access streaming media and the like through the Wi-Fi module 190, and provides wireless broadband internet access for the user. Although fig. 1 shows the Wi-Fi module 190, it is understood that it does not belong to the essential constitution of the cellular phone 100, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 130 is a control center of the mobile phone 100, connects various parts of the entire mobile phone by using various interfaces and lines, and performs various functions of the mobile phone 100 and processes data by operating or executing software programs and/or modules stored in the memory 140 and calling data stored in the memory 140, thereby implementing various services based on the mobile phone. Optionally, processor 130 may include one or more processing units; preferably, the processor 130 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 130.
In embodiments of the present invention, processor 130 may execute program instructions stored in memory 140 to implement the methods illustrated in the following embodiments.
The handset 100 also includes a power supply 120 (e.g., a battery) for powering the various components, which may be logically coupled to the processor 130 via a power management system to manage charging, discharging, and power consumption via the power management system.
Although not shown, the mobile phone 100 may further include a camera, a bluetooth module, etc., which will not be described herein.
An embodiment of the present invention provides a method for protecting a terminal, and as shown in fig. 2, the method of the embodiment includes:
step 201, the terminal detects a first operation;
step 202, verifying first safety information, and enabling the terminal to enter a safety mode;
step 203, after the terminal enters a safety mode, detecting a second operation;
if the time for entering the safety mode exceeds the first time period in the step 204, jumping to a step 205; if the time for entering the safe mode is within the first time period, jumping to step 206;
step 205, the terminal exits the security mode;
and step 206, the terminal inputs second safety information, and exits the safety mode after the verification is successful.
The execution main body of the embodiment of the invention is a terminal, and the terminal comprises an electronic device with communication capability, such as a smart phone, a tablet computer, a navigation device and the like.
Further, in the embodiment of the present invention, the first operation in step 201 includes at least one of the following options: voice, specific gesture, selection of touch key, and operation of physical key. The voice and the specific gesture can be preset by the terminal or can be set by a user in a self-defined mode. The physical key is operated, and can be a single key or a combination of a plurality of keys. The touch key can be a virtual key on the display screen of the terminal.
Specifically, in some embodiments, the user presses the power key and the volume key of the terminal at the same time, and the terminal enters the secure mode.
Further, in this embodiment of the present invention, in step 202, the first security information includes at least one of the following options: at least one of a number, a graphical password, and a biometric characteristic (including but not limited to fingerprint, iris recognition, face recognition). The first security information is used for verifying that the terminal enters a security mode. For example, when the terminal detects the first operation, the user is required to input a fingerprint, and when the fingerprint is verified correctly, the terminal enters a screen lock state.
Specifically, in step 204, the first time period may be a certain time period, for example, 10 minutes, and after the terminal enters the secure mode for more than 10 minutes and receives an instruction to exit the secure mode, the terminal exits the secure mode. And if the time for the terminal to enter the safety mode is less than 10 minutes, after the terminal receives the instruction for exiting the safety mode, the terminal can exit the safety mode only after the second safety information is successfully verified.
Specifically, in step 204, the first time period may also be a specific time period, for example, a time period from 14:10 to 14:30, and after receiving the instruction to exit the secure mode, if the current time is 14:35, the terminal exits the secure mode. After receiving the instruction of exiting the safe mode, if the current time is 14:20, the terminal can exit the safe mode only after successfully verifying the second safety information.
Further, in the embodiment of the present invention, the security mode in step 201 includes at least one of the following options: the terminal enters a screen locking state, the screen cannot be unlocked in a first time period, and the terminal cannot be powered off or restarted; or not allowing the flight mode to be initiated; or the boot operation is not allowed to be performed in the second time period.
Similarly, the second time period may be a certain time length, or may be a specific time period, and the second time period may be the same as or different from the first time period.
Further, in this embodiment of the present invention, the security mode further includes that at least one of a software function or a hardware function of the terminal is disabled. For example, the restricted software functions include, but are not limited to, the terminal being unable to change a mute setting (including mute, vibrate, or normal volume), being unable to use any payment software, turning off lock screen photographing and camera functions, etc. The hardware limiting function includes but is not limited to closing a communication module, a GPS/Beidou satellite positioning module and other satellite positioning modules, not executing mobile network position area updating or inter-system switching, forbidding automatic connection and opening of Wi-Fi hotspots or trusted Wi-Fi hotspots stored in the mobile network data service function, closing an audio interface, closing an SD card interface, closing a Universal Serial Bus (USB) or other data line interfaces and the like.
Optionally, in some embodiments, the terminal is in a secure mode to enhance protection against security risks by disabling software and hardware functionality. The security risks include, but are not limited to, a third party activating a flight mode of the terminal, turning off or restarting the terminal (which may cause the terminal to be off-line and unable to call in), the third party resetting the mute of the terminal to be vibration or normal volume (the vibration or ring tone when calling in is regarded as an interference), the third party repeatedly swiping the card and absorbing charges through Near Field Communication (NFC), an attacker attracting the terminal through a pseudo base station or Wi-Fi hot spot (the attacker may send fraud or harassment short messages while on the fly, or eavesdropping sensitive information (such as short messages, micro-message messages, financial software messages, etc.), or luring the terminal to download updates with viruses or monitoring programs), the attacker sending strong satellite signals to suppress satellite Positioning signals such as a normal Global Positioning System (Global Positioning System, GPS)/beidou, etc., thereby inducing the terminal to generate an erroneous Positioning result or a personal moving track, an attacker invades the terminal through a wired or wireless interface, and utilizes software and hardware design loopholes or normal functions to install monitoring software or steal sensitive information and the like.
Optionally, in some embodiments, the terminal may set a risk option, which is selected when configuring the security mode information, and the risk option may include the risk described in the above embodiments, such as property risk, communication risk, and the like.
Further, in this embodiment of the present invention, in step 204, the second security information is different from the first security information, and the second security information includes at least one of the following options: numbers, graphical passwords, and biometrics. The second security information is used for the terminal to exit the security mode. The second safety information has higher operation authority, so that the terminal can exit the safety mode in advance.
Optionally, in some embodiments, the terminal has a function of recording a security log in the security mode, and the content of the security log record includes, but is not limited to, an operation and an exception of the terminal. The security log is stored in the terminal and can be viewed by a user.
Optionally, in some embodiments, the security log may be user-defined to record a range, including but not limited to the SIM/SD card being pulled out, the terminal repeatedly unlocking, reading, copying or sending out sensitive information, and installing software.
Specifically, fig. 3(a) is a specific example of the first operation provided on the basis of the foregoing step 201. As shown in fig. 3(a), the method steps include:
step 301, a user clicks a security mode switch on a screen or marks out a specific gesture on a terminal screen, and instruction information for activating a security mode is sent to a terminal;
step 302, the terminal judges whether first safety information is set, if the first safety information is set, the step 304 is skipped, and if the first safety information is not set, the step 303 is skipped;
step 303, if the first security information is not set, the user is required to configure the first security information, and the terminal enters a security mode after configuring the first security information.
Step 304, the terminal directly enters a secure mode.
Specifically, in the embodiment of the present invention, in step 301, the terminal acquires a specific gesture drawn by the user on the terminal screen, and when the specific gesture is the same as the specific gesture stored in the terminal, the terminal enters the security mode.
Optionally, in some embodiments, the specific gesture for activating the security mode may also be set by the user through an operating system, and when the new specific gesture is successfully set, the original specific gesture is disabled.
Optionally, in some embodiments, the user may also choose not to set the first security information, and the terminal directly enters the security mode after detecting the first operation of the user.
Further, fig. 3(b) is a flowchart of a method for activating a security mode using a specific gesture according to another embodiment of the present invention. As shown in fig. 3(b), the terminal presents an interface 305, the interface 305 is in a screen unlock state, when the user marks a specific "S" type gesture 306 on the terminal interface 305, the terminal receives an instruction to activate the security mode, and the terminal enters the security mode.
Further, as shown in fig. 3(c), the terminal presents an interface 307 for the terminal to enter a screen lock state in the secure mode.
Further, fig. 4 is a flowchart of a method for self-activating a terminal security mode according to another embodiment of the present invention. As shown in fig. 4, the method of the present embodiment includes:
step 401, the terminal enters a screen locking state;
step 402, the time of locking the terminal screen is greater than or equal to a first threshold;
in step 403, the terminal enters a secure mode.
Optionally, in some embodiments, the first threshold in step 402 is set by the terminal, and when the time for entering the screen lock state is greater than or equal to the first threshold, the terminal activates itself and enters the secure mode state.
Optionally, in some embodiments, when the screen locking time reaches the first threshold, the terminal may enter the security mode only after inputting the security information for verification.
FIG. 5 is a flow chart of a method for detecting an interface anomaly according to another embodiment of the present invention. As shown in fig. 5, the method of the present embodiment includes:
step 501, the terminal is matched with another terminal;
step 502, after entering a safety mode, detecting that an interface is abnormal;
step 503, the terminal sends notification information to the matched terminal.
Specifically, in step 501 of this embodiment, the terminal includes, but is not limited to, a mobile phone, a tablet computer, an intelligent wearable device, and the like. The method for configuring the matched terminal comprises the step of storing the configured terminal identification in the terminal in advance to realize matching. The Identification includes, but is not limited to, a phone Number or an International Mobile Subscriber Identity (IMSI)/International Mobile Equipment Identity (IMEI), etc.
Optionally, in some embodiments, the terminal matching method further includes performing matching in a wireless communication manner such as bluetooth, Wi-Fi, and NFC. Further, a terminal may match one or more other terminals.
Specifically, in some embodiments, the terminal turns on bluetooth, and when the terminal is paired with another terminal, the two terminals complete matching.
Further, in step 503, the notification information includes, but is not limited to, the code number of the exception, the location information, and the time information.
Optionally, in some embodiments, when the terminal detects that the SIM/SD card is unplugged, the terminal immediately sends notification information, for example, the notification information is sent to the matched terminal through a short message or a data service, and after receiving the notification information, the user may immediately report that the SIM card is lost, or may retrieve the mobile phone as much as possible according to the notification information.
Optionally, in some embodiments, in the secure mode, when the terminal detects that the USB device is inserted, the terminal immediately sends notification information to the matched terminal.
Optionally, in some embodiments, the terminal may be associated with a software or network platform account, and an email account, and in the security mode, when the terminal detects an abnormality, a notification message is sent to the corresponding account.
Specifically, the manner of sending the notification information to the matching terminal by the terminal includes, but is not limited to, short message, message sending through social software or instant messaging software, and email.
Optionally, in some embodiments, in the secure mode, if the terminal detects that the interface portion is damaged or modified, a notification message is sent to the matched terminal.
Optionally, in some embodiments, in the secure mode, the terminal may record all detected interface anomalies into a security log, where the record content includes, but is not limited to, an anomaly type, a time when the anomaly occurred, and location information.
Further, in the secure mode, the terminal shutdown method provided by the embodiment of the present invention. As shown in fig. 6(a), the method of the present embodiment includes:
601, the terminal sets a second time period;
step 602, the terminal detects a first operation;
step 603, the terminal is powered off, and the terminal is not allowed to be powered on in a second time period;
step 604, when the second time period is reached, the terminal can be normally powered on and off.
The second time period may be preset when the terminal leaves a factory or manually set by a user. Specifically, if the user does not set the second time period during shutdown, the terminal prompts the user to set the time period before shutdown.
Specifically, fig. 6(b) is a schematic diagram of a specific operation interface for shutdown in the secure mode, as shown in fig. 6(b), 605 is a power key, 606 is an option for the terminal to enter the flight mode, 607 is an option for the terminal to enter the mute mode, 608 is an option for restarting the terminal, 609 is an option for shutdown, and 610 is an option for shutdown in the secure mode.
Optionally, in some embodiments, after the terminal detects that the power key 605 is pressed or other physical keys are pressed in combination, and the preset time of the terminal is reached, the terminal presents the interface shown in fig. 6(b), and after the user clicks the security shutdown option 610, the terminal enters the security mode and shuts down.
Further, on the basis of the above embodiment, fig. 7 provides a specific method for determining whether the user configures the first security information when the user is powered off in the security mode. The method comprises the following steps:
step 701, the terminal detects a first operation, where the first operation may be to click a security shutdown option 610, and at this time, the terminal receives an instruction to start security shutdown;
step 702, the terminal judges whether first safety information is set;
step 703, the terminal requires the user to configure the first security information without setting the security information;
step 704, the terminal is powered off.
Further, on the basis of the above embodiment, fig. 8 provides a method for shutdown that requires the first security information verification. The method comprises the following steps:
step 801, a terminal detects a first operation, where the first operation may be clicking a security shutdown option 610, and at this time, the terminal receives an instruction to start security shutdown;
step 802, verifying the first safety information, and if the verification fails, inputting the first safety information again for verification;
step 803, verifying that the first safety information is correct, and shutting down the terminal.
Optionally, in some embodiments, a limit on the number of times of inputting the security information may be set, the terminal enters a locked state after an input error exceeds a certain limit, and the terminal may perform a re-operation after a time limit of the locked state is reached.
Further, on the basis of the above embodiments, fig. 9 provides a terminal security protection method. The method comprises the following steps:
step 901, in a security mode, the terminal is powered off;
step 902, judging whether the time for the terminal to enter the safe shutdown state is in a second time period, if so, skipping to step 904, and if not, skipping to step 903;
step 903, exiting the safe shutdown mode, and enabling the terminal to perform a startup operation when receiving a startup instruction;
step 904, the terminal does not allow the boot operation and keeps the safe shutdown state;
optionally, in some embodiments, the terminal sets a timer to set the secure shutdown time, the timer does not overflow during the secure shutdown time, the startup signal cannot be sent, and only after the second time period is reached, the timer overflows, the startup signal can be sent normally, and the terminal can be started normally.
Further, on the basis of the above embodiment, fig. 10 provides a method for the user to power on in the second time period. The method comprises the following steps:
1001, the terminal receives a starting instruction in a second time period;
step 1002, verifying the second safety information, if the verification is wrong, going to step 1003, and if the verification is correct, going to step 1005
And 1003, jumping to 1002 when the second safety information is wrong and does not exceed the limited number of times, and jumping to 1004 if the second safety information exceeds the limited number of times.
Step 1004, the terminal continues to be in a safe mode and forbids the startup operation;
step 1005, the terminal exits the security mode and is normally powered on.
Further, in step 1004, if the user verifies that the second security information is incorrect for more than a certain number of times (e.g. 3 times), the terminal screen is locked and does not accept the booting operation any more.
An embodiment of the present invention provides a terminal 1100, as shown in fig. 11, including a detection module 1101, a verification module 1102, and a prohibition module 1103. The detection module 1101 is configured to detect a first operation and a second operation of a user, where the first operation is to enable the terminal to enter a secure mode, and the second operation is to enable the terminal to exit the secure mode; a verification module 1102 for verifying the first security information and the second security information; a disabling module 1103 configured to disable at least one of a software function or a hardware function of the terminal.
Optionally, in some embodiments, the detection module 1101 is connected to the verification module 1102, and when the detection module 1101 detects a user operation, the verification module 1102 responds to request the user to perform security information verification.
Optionally, in some embodiments, the prohibiting module 1103 prohibits operations, such as shutdown or restart, of the terminal within the first time period in the secure mode; in the second time period, prohibiting the terminal from starting up; when the number of times of the terminal security information error exceeds a certain threshold, the prohibiting module 1103 locks the terminal and prohibits the operation.
An embodiment of the present invention further provides a computer storage medium, which is used to store computer software instructions for implementing the method and apparatus for protecting terminal security shown in fig. 1 to 11, and which includes program codes designed to execute the method embodiment.
The embodiment of the invention also provides a computer program product. The computer program product comprises computer software instructions which can be loaded by a processor for implementing the method in the above-described method embodiments.
While the invention has been described in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed invention, from a review of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the word "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (15)

  1. A method for protecting the security of a terminal is used for protecting the information security of the terminal, and is characterized in that the method comprises the following steps:
    the terminal detects a first operation of a user, wherein the first operation is used for enabling the terminal to enter a safe mode;
    the security mode includes at least one of the following options:
    the terminal enters a screen locking state, the screen cannot be unlocked in a first time period, and the terminal cannot be powered off or restarted;
    the terminal does not allow the start of the flight mode; and the combination of (a) and (b),
    and the terminal is powered off, and the power-on operation is not allowed in a second time period.
  2. The method of claim 1, further comprising:
    and when the time for the terminal to enter the screen locking state is more than or equal to a first threshold value, the terminal automatically enters the safety mode.
  3. The method according to claim 1 or 2, characterized in that the method further comprises:
    verifying first safety information before the terminal enters the safety mode;
    the first security information includes at least one of the following options: numbers, graphical passwords, and biometrics.
  4. The method according to any of claims 1-3, wherein the first operation comprises at least one of the following options: voice, specific gesture, selection of touch key, and operation of physical key.
  5. The method according to claim 1 or 2,
    and after the terminal enters the safety mode, at least one of the software function or the hardware function of the terminal is forbidden.
  6. The method according to any one of claims 1-3, further comprising:
    and the terminal detects a second operation of the user, wherein the second operation is used for enabling the terminal to exit the safe mode.
  7. The method of claim 6,
    before exiting the security mode, the terminal verifies second security information, wherein the second security information is different from the first security information;
    the second security information includes at least one of the following options: numbers, graphical passwords, and biometrics.
  8. A terminal, comprising:
    the terminal comprises a detection module, a processing module and a processing module, wherein the detection module is used for detecting a first operation of a user, and the first operation is used for enabling the terminal to enter a safe mode;
    the security mode includes at least one of the following options:
    the terminal enters a screen locking state, the screen cannot be unlocked in a first time period, and the terminal cannot be powered off or restarted;
    the terminal does not allow the start of the flight mode; and the combination of (a) and (b),
    and the terminal is powered off, and the power-on operation is not allowed in a second time period.
  9. The terminal of claim 8, wherein the terminal further comprises:
    the verification module is used for verifying the first safety information;
    the first security information includes at least one of the following options: numbers, graphical passwords, and biometrics.
  10. The terminal according to claim 8 or 9, characterized in that the terminal further comprises:
    a disabling module for disabling at least one of a software function or a hardware function of the terminal.
  11. The terminal according to any of claims 8-10,
    the detection module is further configured to detect a second operation of the user, where the second operation is used to cause the terminal to exit the secure mode.
  12. The terminal of claim 9,
    the verification module is further used for verifying second safety information, and the second safety information is different from the first safety information;
    the second security information includes at least one of the following options: numbers, graphical passwords, and biometrics.
  13. A terminal, comprising:
    one or more processors;
    one or more memories in which one or more computer programs are stored, the one or more computer programs comprising instructions, which when executed by the one or more processors, cause the terminal to perform the method of any of claims 1-7.
  14. A computer program product comprising instructions for causing an electronic device to perform the method according to any of claims 1-7 when the computer program product is run on the electronic device.
  15. A computer-readable storage medium comprising instructions that, when executed on an electronic device, cause the electronic device to perform the method of any of claims 1-7.
CN201780096669.7A 2017-11-10 2017-11-10 Terminal security protection method and device Pending CN111316269A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/110479 WO2019090702A1 (en) 2017-11-10 2017-11-10 Terminal security protection method and device

Publications (1)

Publication Number Publication Date
CN111316269A true CN111316269A (en) 2020-06-19

Family

ID=66437433

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780096669.7A Pending CN111316269A (en) 2017-11-10 2017-11-10 Terminal security protection method and device

Country Status (2)

Country Link
CN (1) CN111316269A (en)
WO (1) WO2019090702A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115767025A (en) * 2022-11-10 2023-03-07 合芯科技有限公司 Method and device for preventing data leakage, electronic equipment and storage medium
WO2024001767A1 (en) * 2022-06-30 2024-01-04 华为技术有限公司 Method for switching security service, and terminal

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116193018A (en) * 2022-12-08 2023-05-30 中国联合网络通信集团有限公司 Method, device, equipment and storage medium for executing security policy

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222517A (en) * 2007-12-21 2008-07-16 深圳市赛格导航科技股份有限公司 Mobile communication terminal and its anti-theft method
CN104182707A (en) * 2014-08-12 2014-12-03 广东欧珀移动通信有限公司 Anti-theft method and device for handheld intelligent mobile terminal
CN105120102A (en) * 2015-09-06 2015-12-02 郓小明 Mobile terminal and intelligent invisible locating anti-theft device used for same
CN105701394A (en) * 2014-11-24 2016-06-22 比亚迪股份有限公司 Anti-addiction method and terminal

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140274376A1 (en) * 2013-03-15 2014-09-18 Zynga Inc. Systems and methods of providing parental controls for game content
CN105736433B (en) * 2014-12-10 2017-12-01 中国长城科技集团股份有限公司 A kind of control method for fan, device and terminal

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222517A (en) * 2007-12-21 2008-07-16 深圳市赛格导航科技股份有限公司 Mobile communication terminal and its anti-theft method
CN104182707A (en) * 2014-08-12 2014-12-03 广东欧珀移动通信有限公司 Anti-theft method and device for handheld intelligent mobile terminal
CN105701394A (en) * 2014-11-24 2016-06-22 比亚迪股份有限公司 Anti-addiction method and terminal
CN105120102A (en) * 2015-09-06 2015-12-02 郓小明 Mobile terminal and intelligent invisible locating anti-theft device used for same

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024001767A1 (en) * 2022-06-30 2024-01-04 华为技术有限公司 Method for switching security service, and terminal
CN115767025A (en) * 2022-11-10 2023-03-07 合芯科技有限公司 Method and device for preventing data leakage, electronic equipment and storage medium
CN115767025B (en) * 2022-11-10 2024-01-23 合芯科技有限公司 Method, device, electronic equipment and storage medium for preventing data leakage

Also Published As

Publication number Publication date
WO2019090702A1 (en) 2019-05-16

Similar Documents

Publication Publication Date Title
EP2549678B1 (en) Method and apparatus for protecting software of mobile terminal
CN106778175B (en) Interface locking method and device and terminal equipment
KR20150046766A (en) Unlocking process mehtod, apparatus and device for terminal
CN107025395B (en) Fingerprint identification method and mobile terminal
CN103458124B (en) A kind of shutdown processing method of terminal, device and terminal equipment
CN106331370B (en) A kind of data transmission method and terminal device
CN106327193B (en) A kind of system unlocking method and equipment
CN108156537B (en) Remote operation method of mobile terminal and mobile terminal
CN107493378B (en) Method and device for logging in application program, computer equipment and readable storage medium
WO2019011109A1 (en) Permission control method and related product
US20200285725A1 (en) Method and Apparatus for Security Verification and Mobile Terminal
US11017066B2 (en) Method for associating application program with biometric feature, apparatus, and mobile terminal
CN106470269A (en) A kind of method and apparatus of antitheft mobile phone
CN108781234B (en) Function control method and terminal
KR20150100476A (en) Secruity method for preventing theft and electronic device thereof
KR102503514B1 (en) Authentication window display method and device
WO2016192511A1 (en) Method and apparatus for remotely deleting information
CN106878554A (en) A kind of theft preventing method of mobile terminal, device and mobile terminal
CN111316269A (en) Terminal security protection method and device
CN108537058A (en) The polygonal color application method and device, computer readable storage medium, terminal of terminal
CN111357245B (en) Information searching method, terminal, network equipment and system
WO2017193645A1 (en) Method and apparatus for displaying data, and terminal
CN108549804B (en) Mode switching method and device, computer readable storage medium and terminal
CN108769366B (en) Authority management method, device, mobile terminal and storage medium
CN114697007B (en) Key management method, corresponding device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200619

RJ01 Rejection of invention patent application after publication